Renew SSL of my website

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://library.mominoun.com/

I ran this command: /opt/letsencrypt/certbot-auto renew

It produced this output:

Attempting to parse the version 1.12.0 renewal configuration file found at /etc/letsencrypt/renewal/library.mominoun.com.conf with version 1.9.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (library.mominoun.com) from /etc/letsencrypt/renewal/library.mominoun.com.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/library.mominoun.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/library.mominoun.com/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Welcome back to the Let's Encrypt Community 🙂

It appears that you used manual authentication when you first acquired your certificate. Since the renew command is fully automated, you would need to supply scripts to use manual authentication for renewal. For now, you could just use the same command that you used to first acquire your certificate to acquire a renewal certificate.

Something like this:

sudo /opt/letsencrypt/certbot-auto certonly --manual --preferred-challenges dns -d "library.mominoun.com"

Update:

I'm a bit confused why the DNS for library.mominoun.com has a CNAME record pointed at ec2-34-255-45-199.eu-west-1.compute.amazonaws.com rather than simply having an A record pointed at 34.255.45.199. From the certificate history of library.mominoun.com, it looks like you're using cPanel hosting, which might offer AutoSSL or some other easier way to maintain your certificate than manual authentication of your domain name.

2 Likes

I ran this cmd:
sudo /opt/letsencrypt/certbot-auto certonly --manual --preferred-challenges dns -d "library.mominoun.com"

The result is:

Press Enter to Continue
Waiting for verification...
Challenge failed for domain library.mominoun.com
dns-01 challenge for library.mominoun.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: library.mominoun.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.library.mominoun.com - check that a DNS record
    exists for this domain

1 Like

That's not the entire result. Certbot would also have outputted an instruction for you to carry out. Did you do that?

1 Like

[quote="Osiris, post:4, topic:152217"]
That's not the entire result. Certbot would also have outputted an instruction for you to carry out. Did you do that?
[/quote]
Yes.
This is the result:
root@ip-172-31-47-28:~# sudo /opt/letsencrypt/certbot-auto certonly --manual --preferred-challenges dns -d "library.mominoun.com"
Your system is not supported by certbot-auto anymore.
certbot-auto and its Certbot installation will no longer receive updates.
You will not receive any bug fixes including those fixing server compatibility
or security problems.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Attempting to parse the version 1.12.0 renewal configuration file found at /etc/letsencrypt/renewal/library.mominoun.com.conf with version 1.9.0 of Certbot. This might not work.
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for library.mominoun.com


NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?


(Y)es/(N)o: Y


Please deploy a DNS TXT record under the name
_acme-challenge.library.mominoun.com with the following value:

WMbaSI97wywzesH2wsx_SV1ptQnQedgi5p8GgmF51mE

Before continuing, verify the record is deployed.


Press Enter to Continue
Waiting for verification...
Challenge failed for domain library.mominoun.com
dns-01 challenge for library.mominoun.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: library.mominoun.com
    Type: dns
    Detail: DNS problem: NXDOMAIN looking up TXT for
    _acme-challenge.library.mominoun.com - check that a DNS record
    exists for this domain
    root@ip-172-31-47-28:~#

1 Like

Did you carry out these instructions?

1 Like

No.
I will add it, thank you.

1 Like

You should add the value presented by certbot when you run certbot and not this one from your previous run, as the token value will differ every time.

Also, it seems your DNS is managed by GoDaddy, is that correct? As @griffin already pointed out, it's way better to automate certificate issuance than run the command manually every 60-90 days. If the advice given by @griffin about cPanel and AutoSSL isn't applicable, maybe you could use scripts written by other people like GitHub - orthrus/Certbot-Godaddy: Scripts for creating Let's Encrypt wildcard certificates using the GoDaddy API to automate the DNS challenge.

Also, it seems you only require a non-wildcard certificate as there's just the single hostname library.mominoun.com requested. How did you previously get your certificate? Also using DNS? Or did you put a certain file with a token into a directory called /.well-known/acme/challenge/ on your website? As that latter method is usually WAY more simple than using DNS.

And another question for you: why are you using the manual plugin anyway? Do you run certbot on a different computer than where your webserver runs? What kind of hosting do you have? A VPS? Do you have root access to the server? Or are you on shared hosting? It's very unfortunate you didn't answer those questions in the questionnaire presented when you opened this thread. Answers to those questions would very much help us to help you to have the best Let's Encrypt experience possible.

1 Like
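
The error in the first post asks for a `--manual-auth-hook` script, and the replies note that the TXT value differs on every run and must be deployed before validation. One way to write such a hook, as an added example that is not part of the thread or of any participant's setup: `publish_txt` is a hypothetical placeholder for your DNS provider's API call and `DNS_SERVER` is an assumed optional variable, while `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are the variables certbot sets for hooks.

```sh
#!/bin/sh
# Added example: dns-01 auth hook for certbot's manual plugin.
# certbot sets CERTBOT_DOMAIN and CERTBOT_VALIDATION before calling the hook.

# TXT record name the CA looks up for a given hostname.
acme_record_name() {
    printf '_acme-challenge.%s\n' "$1"
}

# Hypothetical placeholder: replace with your DNS provider's API call.
publish_txt() {
    echo "publish TXT $1 = $2 (provider API call goes here)" >&2
}

# Print the TXT values currently visible, one per line, quotes removed.
# DNS_SERVER (assumed, optional) pins the query to one name server.
lookup_txt() {
    dig +short TXT "$1" ${DNS_SERVER:+@"$DNS_SERVER"} | tr -d '"'
}

# True only when this run's token is among the published values.
# An NXDOMAIN answer yields no lines, so this fails as it should.
txt_is_published() {
    lookup_txt "$1" | grep -Fxq -- "$2"
}

# Poll until the token is visible; give up after $3 tries, $4 seconds apart.
wait_for_txt() {
    name=$1; token=$2; tries=${3:-30}; delay=${4:-10}
    i=0
    while [ "$i" -lt "$tries" ]; do
        txt_is_published "$name" "$token" && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    echo "TXT $name does not show the expected value" >&2
    return 1
}

# Run only when certbot invoked us (both variables set).
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    record=$(acme_record_name "$CERTBOT_DOMAIN")
    publish_txt "$record" "$CERTBOT_VALIDATION"
    wait_for_txt "$record" "$CERTBOT_VALIDATION" || exit 1
fi
```

Pass the script's path to `--manual-auth-hook` on the `certonly --manual --preferred-challenges dns` command; certbot stores the hook in the renewal configuration, so a later `renew` can run non-interactively.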

I add the record but it changes every second,
so I use the AWS Amazon.
I use the manual certificate.
I have access to my server.
